GitOps

GitOps applies DevOps practices to infrastructure automation, using Git workflows to manage and deploy infrastructure changes with the same rigor as application code.

Why it matters

• Creates an auditable, version-controlled history of all infrastructure changes.
• Enables rollbacks by reverting to previous Git commits.
• Reduces configuration drift by continuously reconciling actual state with desired state.
• Empowers teams to use familiar Git workflows (pull requests, code reviews) for infrastructure.

Key concepts

• Declarative configuration: Infrastructure defined in YAML, JSON, or HCL files stored in Git.
• Pull-based deployment: Agents in the cluster pull changes from Git rather than CI/CD pushing to clusters.
• Reconciliation loop: Controllers continuously compare cluster state to Git and apply corrections.
• Drift detection: Automatic identification when running infrastructure diverges from Git definitions.

Common GitOps tools

• Argo CD: Kubernetes-native continuous delivery with UI and CLI.
• Flux: CNCF project for GitOps on Kubernetes.
• Terraform Cloud: GitOps workflows for multi-cloud infrastructure.
• Pulumi: Infrastructure as code with GitOps integrations.

Implementation patterns

• Store environment configurations in separate Git branches or directories.
• Require pull request approvals for production infrastructure changes.
• Implement automated testing and policy checks in CI before merge.
• Use sealed secrets or external secret managers for sensitive values.

Common pitfalls

• Storing secrets directly in Git repositories without encryption.
• Not separating application code from infrastructure definitions.
• Allowing manual changes to bypass Git workflows.
• Failing to handle merge conflicts in declarative configurations.